Remote DoS in the Sun Java VM serialization API

VSantivirus No. 1608, Year 8, Wednesday, December 1, 2004

http://www.vsantivirus.com/vul-java-api-301104.htm

By Angela Ruiz
angela@videosoft.net.uy


A vulnerability has been reported that can cause a denial of service in Sun's Java Virtual Machine (JVM).

Serialization is a mechanism that converts an object into a stream of bytes representing its state, so that it can be transported over the network or stored persistently in a file system.

Java (J2SE) uses this technology through an API (Application Program Interface) that supports writing objects to and reading them from byte streams, and that defines a set of features to protect information that should not be serialized.

A vulnerability in this API can be exploited to remotely overload a Java Virtual Machine (JVM).

This results in a denial of service (DoS), as all processor resources and available memory are consumed.

At present, no exploits are known that take advantage of this problem.

The following versions of Java are vulnerable:

- Sun JRE (Windows Production Release) 1.1.6_009
- Sun JRE (Windows Production Release) 1.1.7 B_007
- Sun JRE (Windows Production Release) 1.1.8_009
- Sun JRE (Windows Production Release) 1.1.8_008
- Sun JRE (Windows Production Release) 1.1.8_007
- Sun JRE (Windows Production Release) 1.1.8_005
- Sun JRE (Windows Production Release) 1.1.8
- Sun JRE (Windows Production Release) 1.2
- Sun JRE (Windows Production Release) 1.2.1
- Sun JRE (Windows Production Release) 1.2.2_12
- Sun JRE (Windows Production Release) 1.2.2_015
- Sun JRE (Windows Production Release) 1.2.2_014
- Sun JRE (Windows Production Release) 1.2.2_013
- Sun JRE (Windows Production Release) 1.2.2_011
- Sun JRE (Windows Production Release) 1.2.2_010
- Sun JRE (Windows Production Release) 1.2.2_007
- Sun JRE (Windows Production Release) 1.2.2
- Sun JRE (Windows Production Release) 1.3 .0_05
- Sun JRE (Windows Production Release) 1.3 .0_04
- Sun JRE (Windows Production Release) 1.3 .0_02
- Sun JRE (Windows Production Release) 1.3
- Sun JRE (Windows Production Release) 1.3.1_09
- Sun JRE (Windows Production Release) 1.3.1_08
- Sun JRE (Windows Production Release) 1.3.1_07
- Sun JRE (Windows Production Release) 1.3.1_06
- Sun JRE (Windows Production Release) 1.3.1_05
- Sun JRE (Windows Production Release) 1.3.1_04
- Sun JRE (Windows Production Release) 1.3.1_03
- Sun JRE (Windows Production Release) 1.3.1_02
- Sun JRE (Windows Production Release) 1.3.1_01a
- Sun JRE (Windows Production Release) 1.3.1_01
- Sun JRE (Windows Production Release) 1.4 .0_04
- Sun JRE (Windows Production Release) 1.4 .0_03
- Sun JRE (Windows Production Release) 1.4 .0_02
- Sun JRE (Windows Production Release) 1.4 .0_01
- Sun JRE (Windows Production Release) 1.4
- Sun JRE (Windows Production Release) 1.4.1_07
- Sun JRE (Windows Production Release) 1.4.1_03
- Sun JRE (Windows Production Release) 1.4.1_02
- Sun JRE (Windows Production Release) 1.4.1_01
- Sun JRE (Windows Production Release) 1.4.1
- Sun JRE (Windows Production Release) 1.4.2_05
- Sun JRE (Windows Production Release) 1.4.2_04
- Sun JRE (Windows Production Release) 1.4.2_03
- Sun JRE (Windows Production Release) 1.4.2_02
- Sun JRE (Windows Production Release) 1.4.2_01
- Sun JRE (Windows Production Release) 1.4.2
- Sun JRE (Linux Production Release) 1.2.2_12
- Sun JRE (Linux Production Release) 1.2.2_015
- Sun JRE (Linux Production Release) 1.2.2_014
- Sun JRE (Linux Production Release) 1.2.2_013
- Sun JRE (Linux Production Release) 1.2.2_011
- Sun JRE (Linux Production Release) 1.2.2_010
- Sun JRE (Linux Production Release) 1.2.2_007
- Sun JRE (Linux Production Release) 1.2.2_006
- Sun JRE (Linux Production Release) 1.2.2_005
- Sun JRE (Linux Production Release) 1.2.2_004
- Sun JRE (Linux Production Release) 1.2.2_003
- Sun JRE (Linux Production Release) 1.2.2
- Sun JRE (Linux Production Release) 1.3 .0_05
- Sun JRE (Linux Production Release) 1.3 .0_04
- Sun JRE (Linux Production Release) 1.3 .0_03
- Sun JRE (Linux Production Release) 1.3 .0_02
- Sun JRE (Linux Production Release) 1.3 .0_01
- Sun JRE (Linux Production Release) 1.3 .0
- Sun JRE (Linux Production Release) 1.3.1_09
- Sun JRE (Linux Production Release) 1.3.1_08
- Sun JRE (Linux Production Release) 1.3.1_07
- Sun JRE (Linux Production Release) 1.3.1_06
- Sun JRE (Linux Production Release) 1.3.1_05
- Sun JRE (Linux Production Release) 1.3.1_03
- Sun JRE (Linux Production Release) 1.3.1_02
- Sun JRE (Linux Production Release) 1.3.1_01
- Sun JRE (Linux Production Release) 1.3.1
- Sun JRE (Linux Production Release) 1.4 .0_04
- Sun JRE (Linux Production Release) 1.4 .0_03
- Sun JRE (Linux Production Release) 1.4 .0_02
- Sun JRE (Linux Production Release) 1.4
- Sun JRE (Linux Production Release) 1.4.1_03
- Sun JRE (Linux Production Release) 1.4.1_02
- Sun JRE (Linux Production Release) 1.4.1_01
- Sun JRE (Linux Production Release) 1.4.1
- Sun JRE (Linux Production Release) 1.4.2_05
- Sun JRE (Linux Production Release) 1.4.2_04
- Sun JRE (Linux Production Release) 1.4.2_03
- Sun JRE (Linux Production Release) 1.4.2_02
- Sun JRE (Linux Production Release) 1.4.2_01
- Sun JRE (Linux Production Release) 1.4.2
- Sun JRE (Solaris Production Release) 1.2
- Sun JRE (Solaris Production Release) 1.2.1
- Sun JRE (Solaris Production Release) 1.2.2_11
- Sun JRE (Solaris Production Release) 1.2.2_07
- Sun JRE (Solaris Production Release) 1.2.2_05a
- Sun JRE (Solaris Production Release) 1.2.2_014
- Sun JRE (Solaris Production Release) 1.2.2_013
- Sun JRE (Solaris Production Release) 1.2.2_012
- Sun JRE (Solaris Production Release) 1.2.2_011
- Sun JRE (Solaris Production Release) 1.2.2_010
- Sun JRE (Solaris Production Release) 1.2.2
- Sun JRE (Solaris Production Release) 1.3 .0_05
- Sun JRE (Solaris Production Release) 1.3 .0_02
- Sun JRE (Solaris Production Release) 1.3
- Sun JRE (Solaris Production Release) 1.3.1_09
- Sun JRE (Solaris Production Release) 1.3.1_08
- Sun JRE (Solaris Production Release) 1.3.1_07
- Sun JRE (Solaris Production Release) 1.3.1_06
- Sun JRE (Solaris Production Release) 1.3.1_05
- Sun JRE (Solaris Production Release) 1.3.1_04
- Sun JRE (Solaris Production Release) 1.3.1_03
- Sun JRE (Solaris Production Release) 1.3.1_02
- Sun JRE (Solaris Production Release) 1.3.1_01
- Sun JRE (Solaris Production Release) 1.4 .0_04
- Sun JRE (Solaris Production Release) 1.4 .0_03
- Sun JRE (Solaris Production Release) 1.4 .0_02
- Sun JRE (Solaris Production Release) 1.4 .0_01
- Sun JRE (Solaris Production Release) 1.4
- Sun JRE (Solaris Production Release) 1.4.1_03
- Sun JRE (Solaris Production Release) 1.4.1_02
- Sun JRE (Solaris Production Release) 1.4.1_01
- Sun JRE (Solaris Production Release) 1.4.1
- Sun JRE (Solaris Production Release) 1.4.2_05
- Sun JRE (Solaris Production Release) 1.4.2_04
- Sun JRE (Solaris Production Release) 1.4.2_03
- Sun JRE (Solaris Production Release) 1.4.2_02
- Sun JRE (Solaris Production Release) 1.4.2_01
- Sun JRE (Solaris Production Release) 1.4.2

The following versions are not vulnerable:

- Sun JRE (Windows Production Release) 1.4.2_06
- Sun JRE (Linux Production Release) 1.4.2_06
- Sun JRE (Solaris Production Release) 1.4.2_06


Solution

Download and install Java JRE version 1.4.4_06 or later


Download:

Java Runtime Environment (JRE), Standard Edition 1.4.2_06
http://java.sun.com/j2se/1.4.2/download.html
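
One way to check an inventory of hosts against this advisory, as an added example that is not part of the original article: it parses legacy Sun version strings (including forms such as 1.3.1_01a, 1.2.2_015 and the list's "1.3 .0_05") and flags anything older than 1.4.2_06, the first release listed as not vulnerable. The host names and banner lines are constructed, and treating every later release as fixed is an assumption that follows the Solution section's "or later".

```python
import re

# First release the advisory lists as not vulnerable: 1.4.2_06
FIXED = (1, 4, 2, 6)

# Legacy Sun version strings: 1.4.2_05, 1.3.1_01a, 1.2.2_015, 1.4
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:_(\d+)[a-z]?)?")


def parse_jre_version(text):
    """Return (major, minor, micro, update) from a version string or a
    `java -version` banner line; missing parts count as 0."""
    # The advisory's list writes some entries as "1.3 .0_05"; drop that space.
    m = _VERSION.search(re.sub(r"\s+\.", ".", text))
    if not m:
        raise ValueError("no JRE version found in %r" % (text,))
    return tuple(int(part) if part else 0 for part in m.groups())


def needs_update(text):
    """True when the reported JRE is older than 1.4.2_06."""
    return parse_jre_version(text) < FIXED


def audit(inventory):
    """Map of host -> banner in, sorted list of hosts still to patch out."""
    return sorted(h for h, banner in inventory.items() if needs_update(banner))


# Constructed inventory (hypothetical host names, sample banners).
SAMPLE_INVENTORY = {
    "app01": 'java version "1.4.2_05"',
    "app02": 'java version "1.4.2_06"',
    "build01": 'java version "1.3.1_01a"',
    "legacy01": 'java version "1.2.2_015"',
    "web01": 'java version "1.5.0"',
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host])
```

The update suffix is compared as a number, so 1.2.2_015 is update 15 and sorts above 1.2.2_12.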


Credits:

Marc Schoenefeld <schonef@uni-muenster.de>


References:

Rumours about Opera
http://www.securityfocus.com/archive/1/382309



